Topic: Ledger(and Trezor) hardware wallet owners: heads up | EDIT: (debunked) (Read 635 times)

he just made a text file of PUBLIC ADDRESSES and told a naive second party that they were security keys attached and to notorise the PUBLIC addresses as collateral to then scam the aussie tax office and then rescam private investors.

right now he is trying to patent and case law create proof of something to then try selling these patents and his 'story'(book deal) to repay debts.

he is a scammer doing scam after scam pretty much a 'rob peter to pay paul' to scam person after person to scam scam scam.

he has no collateral originating as his own. its all scam and trickery to syphon money from investors and try repaying bits out to try keeping them calm and prolong it as long as possible

Hmm, this would be almost impossible here, even if I would try paying in cash, I would have to buy most of the stuff from Aldi or other chain stores as most electronics stores ask for your name and data even if you're paying in cash. Besides for most things the warranty is void without a name printed on it, so you'd have to id yourself at least once.


Yeah, one of the things people always forget when it comes to security.
One additional thing is that if in the case of a bank transfer that is reversible in case you have been robbed and your bitcoins have entered the thief account....good luck retrieving them.
You can jail him, 20 years in prison, but when he comes out if he has hidden the keys good enough he still has the loot and nobody can do anything about it.

I remember a debate about bitcoin ending corruption...
If I would be a persona accepting a bribe I would simply have a QR code on a piece of paper on my desk and point to it, prove in court I own that address, prove in court I have the funds, try and take my coins away.  



Big names already have all their info available if you do a simple search, you can get their address in a few minutes looking at their FB pages, for god's sake, some Yt Instagram or FB "influencers" actually let people know their phone number and mail their fan art or gifts directly to their home. Everybody knows about the big names, we have gossips all day about that guy and this guy buying coins, winning an auction investing in it.

When your name is unknown how would a thief know you are storing millions or 2000$ or if you haven't  gifted it already just from your name?

I've read before that hardware wallet isn't that fully secured at all especially when you ordered it online in a cheap prices, coz we all want to buy at cheap price right?, but for some reason hackers do take advantage of it too. I barely remember Where did I read it but the article was about amazon sellers or should I call them resellers, where they sell ledgers, trezor, and any hardware wallet with tampered private keys or the security is already breach by them just before you have an access with it, in short the are the owner of it.

I wrote a reminder of it here in the forum, you can check the discussion here https://bitcointalksearch.org/topic/m.54268928

If you have a hardware wallet you must read this. https://newsblockchain.io/news/hardware-wallets-are-not-all-equally-secure
Your data can be already compromised but you still don't know that

Ledger Nano S and Trezor are some of the best, safe and secure wallets ever. in a Ledger Telegram channel they are saying that it's official, they are not hacked. Ledger already claims that the rumours are false. You need Always think twice when handing over personal information, especially on shady websites.

But in the financial sector this is very dangerous. A class of sellers of a brand of digital currency storage  Trezor and Ledger, if not able to maintain the secrecy of these buyers is sad. Trezor and Ledger should monitor their resellers, if necessary there must be permission through the fulfillment of buyer's requirements guarantee security.

yeah, certainly you have a point here.

But when I buy a bed and they deliver it to my house, walmart/etc share this data and many companies will have your data (phone, address, name ,email). While ledger (theoretically) don't, as they are "concerned" about privacy (unless if there is a data leak lol)...

Sadly, our situation is very complicated to protect our privacy...

I have a bank account, yes. Unfortunately, it is impossible for me to live without one.

I have all these items, all bought in person, paid for in cash or bitcoin where possible, and taken home by myself. When I moved house, I dismantled and packed everything myself, and moved with the help of one friend and his truck. I also use Amazon, paying entirely in non-traceable giftcards, and delivering to a drop off location which I later pick up from.

Is it a bit of an inconvenience to do all these things? Sure. Is it worth it to keep my personal data out of the hands of the likes of Google, Amazon, Facebook, and everybody else who wants it? Definitely.

Even if they had delivered to me, it isn't. Strangers knowing that you own a bed is absolutely not comparable in terms of risk to strangers knowing that you own a hardware wallet.

When i wrote that I remembered we chatted about it a few weeks ago...

But how can you avoid giving information to "any of these sites"?

You are a physician, right? Do you only receive payments in bitcoin? If you have a bank account, you gave your perfonal information to those sites.

If you ever bought something online, you gave your information to those sites.

Do you have a TV in your house? A bed? a refrigerator? Did you carry those itens personally in your back, or did you gave your personal information to those sites so they could deliver it in your house? If they delivered it to you, your situation is worse than ledger customers...

Unless you are an alien or someone like Jameson Loop, all your data is available to those companies.

I read this a few months ago (couldn't find the original, but this one is enough)
https://www.nytimes.com/2019/03/12/technology/how-to-disappear-surveillance-state.html

His measures included renting a fake apartment to receive stuff from walmart, purchasing a tiny second property just for this purpose,Make up a fake name for casual interactions, Get a new phone number (do you have one for more than a year?), Create a new corporate identity, hiring a personal investigator to test his set up  and so on.

Do you have children which do not follow all those crazy stuff? Well, so all your privacy concerns are basic useless...

I think we need to separate idealism from reality.

Edit: I use adblock, firefox, I do not give personal data to any exchange or airdrop, I try to avoid google products (but i have some of them...) I think I am worried about privacy more than 99% of people, but there is a limit to this.

I gave my docs to the 2 exchanges that I use fiat/btc and 3-4 traditional stocks exchanges, I buy stuff online to deliver in my house and so on. I care about privacy, but I don't have secrets. Walmart need my address to deliver stuff in my house, for example.

I have seen in a Ledger Telegram channel about this and they are saying that it's official, they are not hacked.

https://www.ledger.com/our-ecommerce-database-has-not-been-hacked

Some of us care. Some of us care enough to not give our personal information to any of these sites.

Still, the issue here is people worrying about become a target for a physical attack. It's very hard to hold someone at gunpoint and make them empty all their fiat accounts in to yours - there will be withdrawal limits, extra security checks, phone calls to and from the bank, delays, etc., not to mention the attacker must use a bank account not linked to them but they can still access so they aren't immediately identified. Conversely, you can hold someone at gunpoint and make them empty all their bitcoin wallets in to yours in 5 minutes, completely anonymously, without any additional security checks.

I don't want the whole world knowing my name and address, and I certainly don't want the whole world knowing my name and address and the fact that I've bought hardware wallets.

There is too much fuzz about so small thing imo.

We give our personal data to banks, financial institutions,  department stores such as Walmart, Amazon etc, government institutions and so oneverytime.

Those websites  openly sell and share our data with their partners , and nobody cares.

This is why we receive marketing calls, advertisements in SMS an spam in our emails.

When a cryptocurrency related company have a rumored small leak, the world falls apart...

Well, many don't even know this could be a problem first of all. For example, there are lots of people storing critical data in cloud storage - this database security thing is pretty much something you learn about if you are interested in tech. I'm talking about smaller businesses too, not necessarily corporations which certainly do have some workers building up stronger security.

The thing I'm trying to underline is, the things governments could solve and find out by asking a business to hand out a specific customer's data might be nothing compared to the damage a large security breach could do.

I wasn't specifically saying that Shopify and Ledger are shady websites, I even use Shopify myself. I was just putting out a point for the people who think it's fine giving away your home address to various websites.

Yeah, but you can't call Shopify a shady website. They are well known for years and majority of users trust them with their data. Besides, if Ledger as a company use them to sell their devices, why would some user think of them as a shady website?


If a government requires businesses to store customer data, then it should require some level of database security. If a business gets their customer's data stolen due to a database hack because of some unfixed security hole, then that business could to be blamed too.

It is quite scary how a little database leak could lead to a huge chain of robberies involving potentially millions of USD, specifically if big names & their addresses are leaked. The worst part is, governments may require businesses to store customer details but a business doesn't always have a high level database security. In fact, I'd guess most of them don't.

Update: Ledger already claims that the rumours are false. While we can all have our sighs of relief now, make this be a wake up call that it's heavily not recommended to be handing over personal information on a lot of websites. Always think twice when handing over personal information, especially on shady websites.

I understand what you are referring to, but I'm saying that the risk of someone hacking this database has always been real. The best thing now would be that this turns out to be fake, but that it "teaches" Ledger, Trezor and Shopify to always fix the security holes in the software. Because, like you said - the biggest problem is that information can be used to hurt people and steal their money.


Yeah, that's true. But I don't understand why would someone wait 4 years to sell something like that. He certainly would get much more money if the hacked data was newer

But nevertheless, I hope this one turns out to be fake.

I am referring to a specific situation like this, not to general database hacking. If this were true then such a database would be a really big security risk, because each customer can be identified by full name, email address and phone number. Here we are talking about people who mostly own some significant amounts of crypto, and a way to locate and physically rob them, with of course sophisticated remote attacks via email/SMS/or phone calls.



So as I already wrote (based on tweet) the hacker claims that this is a database from 2016 or earlier, which means that it can only contain the earliest customers. I don't know where you get the idea that someone hacked the database yesterday and then only sells data from 2016? This database (if it exists at all) could have been hacked 4+ years ago, and has only now appeared on the market.

It could be, but the fact that Shopify is highly secured this might be just a false allegations. Shopify has a lot of third-party  but they are more secure than their competitors even some of them are self-hosted like Magento and Woocommerce. But then there is a risk of customers data that could be use to identity theft or any illegal activities online, Shopify should look deeply down to this.

Data breaching is harder than what you think, hackers could get into it but there are times that new data are being handle by different server with different security.

Why they keep the data online? - It has to do with their PCI compliance to implement and maintain a firewall.

I'm worried about those people whose data has been stolen like the name, address and phone number. If this came out to be true, they could be in danger.